WordPress.org
Get WordPress

Make WordPress Core

Changeset 28412


Ignore:
Timestamp:
05/15/2014 03:24:40 AM (11 years ago)
Author:
wonderboymusic
Message:

Eliminate use of extract() in wp_xmlrpc_server::blogger_editPost().

See #22400.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/class-wp-xmlrpc-server.php

    r28083 r28412  
    42104210     * @return bool true when done.
    42114211     */
    4212     function blogger_editPost($args) {
     4212    function blogger_editPost( $args ) {
    42134213
    42144214        $this->escape($args);
     
    42204220        $publish     = $args[5];
    42214221
    4222         if ( !$user = $this->login($username, $password) )
    4223             return $this->error;
     4222        if ( ! $user = $this->login( $username, $password ) ) {
     4223            return $this->error;
     4224        }
    42244225
    42254226        /** This action is documented in wp-includes/class-wp-xmlrpc-server.php */
    42264227        do_action( 'xmlrpc_call', 'blogger.editPost' );
    42274228
    4228         $actual_post = get_post($post_ID,ARRAY_A);
    4229 
    4230         if ( !$actual_post || $actual_post['post_type'] != 'post' )
    4231             return new IXR_Error(404, __('Sorry, no such post.'));
     4229        $actual_post = get_post( $post_ID, ARRAY_A );
     4230
     4231        if ( ! $actual_post || $actual_post['post_type'] != 'post' ) {
     4232            return new IXR_Error( 404, __( 'Sorry, no such post.' ) );
     4233        }
    42324234
    42334235        $this->escape($actual_post);
    42344236
    4235         if ( !current_user_can('edit_post', $post_ID) )
     4237        if ( ! current_user_can( 'edit_post', $post_ID ) ) {
    42364238            return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
    4237 
    4238         extract($actual_post, EXTR_SKIP);
    4239 
    4240         if ( ('publish' == $post_status) && !current_user_can('publish_posts') )
    4241             return new IXR_Error(401, __('Sorry, you do not have the right to publish this post.'));
    4242 
    4243         $post_title = xmlrpc_getposttitle($content);
    4244         $post_category = xmlrpc_getpostcategory($content);
    4245         $post_content = xmlrpc_removepostdata($content);
    4246 
    4247         $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt');
    4248 
    4249         $result = wp_update_post($postdata);
    4250 
    4251         if ( !$result )
     4239        }
     4240        if ( 'publish' == $actual_post['post_status'] && ! current_user_can( 'publish_posts' ) ) {
     4241            return new IXR_Error( 401, __( 'Sorry, you do not have the right to publish this post.' ) );
     4242        }
     4243
     4244        $postdata = array();
     4245        $postdata['ID'] = $actual_post['ID'];
     4246        $postdata['post_content'] = xmlrpc_removepostdata( $content );
     4247        $postdata['post_title'] = xmlrpc_getposttitle( $content );
     4248        $postdata['post_category'] = xmlrpc_getpostcategory( $content );
     4249        $postdata['post_status'] = $actual_post['post_status'];
     4250        $postdata['post_excerpt'] = $actual_post['post_excerpt'];
     4251
     4252        $result = wp_update_post( $postdata );
     4253
     4254        if ( ! $result ) {
    42524255            return new IXR_Error(500, __('For some strange yet very annoying reason, this post could not be edited.'));
    4253 
    4254         $this->attach_uploads( $ID, $post_content );
     4256        }
     4257        $this->attach_uploads( $actual_post['ID'], $postdata['post_content'] );
    42554258
    42564259        /**
Note: See TracChangeset for help on using the changeset viewer.